WordPress Plugins Battling Evil

I hate to admit it, but there is evil on the web. And it is often aimed directly at bloggers.

Comment Spam WordPress Plugins

One of my greatest fears on Lorelle on WordPress is that Akismet will go off-line or suddenly stop working. If their servers go down, it’s nightmare hell for Lorelle.

The amount of comment spam you get on your blog is not indicative of how popular your blog is. It’s an indication of how many incoming links you have from heavily comment-spammed blogs, as many comment-spamming, web-crawling bots trace links from one blog to another to spread their evil nasties.

However, if the number of comment spam is an indicator of a blog’s success, I think I’m one of the most popular bloggers around. 😀

I get anywhere from 300 to 2000 comment spam a day. It wasn’t always like this. In the past four months, I’ve been unable to adequately scan comment spam looking for false positives. Two days away traveling and I’m greeted with 3,000 comment spams to cruise through looking for potentially misdirected comments. It’s overwhelming. I do my best to randomly check, but reading through all the sex, porn, golden showers, casinos, mortgages, furniture sales, real estate sales, sexual enhancers, sexual stimulators, and…well, thousands of gross and disgusting comment spams just aren’t much fun to read.

Akismet continues to be one of the most popular comment spam fighting tools around. One of the most important reasons why Akismet continues to be the most popular and successful is that it is a team effort.

When you use Akismet to mark a comment as comment spam, the comment spam information is added to a master database. When that type of comment spam hits my Akismet-enabled blog, it will get caught because you helped the program recognize it. You helped me fight off comment spam. When I mark a comment as comment spam, you get the return benefit. We work together as a community to put an end to blog comment spam.

Akismet isn’t just for WordPress blogs. According to the Akismet Development List and Resources, Akismet works with Movable Type, Drupal, phpBB, Blojsom, Bloxsom, Geeklog, Serendipity, Nucleus, b2evolution, PunBB, Express Engine, Coppermine, Lifetype, Simple Machine Forums, and others. If we all work as a team, from a variety of sources, we might represent a very big hammer against comment spam.

Combined with Bad Behavior and Spam Karma 2 WordPress Plugins, you can put your comment spam fighting battle to rest. If one fails, you have a backup plan in place.

Spam Karma 2 is one of the oldest comment spam fighting tools. It’s long been doing battle to capture and hold comment spam out of your comments until you inspect them. I’ve been using it for over three years and it continues to slap down and stop comment spam on my blogs.

Referrer Bouncer WordPress Plugin by Angsuman offers another method of stopping comment spam. It “bounces back referrer spam attempts” without any upfront configuration or mod-rewrite. Similar to Bad Behavior, the author designed it to work without you even noticing it working.

The volunteers behind these brilliant comment spam fighting tools work overtime to make sure their tools stick with the battle. If you use their WordPress Plugins, consider donating some funding, or at least help by promoting their work, in order to encourage continued development.

Honestly, if these stopped working, the weight of comment spam attacks would crush almost all WordPress bloggers. Help them continue the fight.

Comment Tests, Questions, Math, and Captchas

I’d like to list the many other WordPress Plugins which offer comment filters and protectors like CAPTCHAs and tests for your readers, but they don’t work.

Sure, they make you feel like you are “doing something” against the evil onslaught of comment spam.

At first, you think they are working. The comment spam load drops off. It doesn’t matter that your readers are forced to answer inane questions (My name is Bill. What is my name?), add numbers, or bend their eyes within their sockets to figure out what the heck are those twisted letters and numbers against a hard-to-read background. It only matters that for a short time, you might be getting less comment spam.

Why don’t they work? They work against stupid comment spam bots, but they don’t work against the better ones with programming abilities to bypass these tests. And they certainly don’t work on the growing trend in using humans to comment spam. I think these low paid, often third-world workers, can figure out what 4+1 equals and that your name is Bill in order to meet their quota for spreading their filth around the web.

While there are a variety of comment spam protection testing and CAPTCHA WordPress Plugins out there, why waste your time when they don’t work for long? Many blog readers tell me they won’t comment when they see a CAPTCHA as they have a long history of not working and making the comment process take much longer than it should. People lose interest when they have to pass a test to leave a comment. Why punish and torture your readers?

Splogs, Scrapers, and Thieves

Another evil on the web comes from those who can’t do anything for themselves, including coming up with their own blog content. These creeps steal content from other bloggers and use it to stuff their blogs with illegal content to promote their money-making schemes.

The first stop on our list of evil-stopping WordPress Plugins is Plugins which help you include copyright notices and legal policies in your WordPress blogs. They don’t stop content theft, but copyright notices and a visible legal policy help to warn potential thieves and are a great CYA (cover your ass) when you go to battle against content theft.

The Blog Copyright WordPress Plugin by guff.szub.net displays a dated copyright mark on all your pages, including a date range for categories and other multi-post page views. It also offers full customization features.

The Disclosure Policy WordPress Plugin is a new WordPress Plugin that adds an area at the bottom of every post for you to include a copyright notice, public disclosure message, links to legal and/or comment policies, and other “messages” to help protect your blog’s content.

26 Comments

Thanks for another informative article, Lorelle! I use the Anti-spam Triumvirate of Akismet, Spam Karma 2 and Bad Behavior, which have been quite handy.

A nasty form of splogging which I’ve noticed is where a splog site would (1) scrape an excerpt of an article I wrote, (2) claim that they wrote it(!), and (3) also include a link back to my site (not as a trackback) which is labeled as “orginal author/source.” It’s downright disturbing. Strangely, Antileech doesn’t seem to work in those cases, after adding their domains and IPs. Wonder why…

Thanks for the mention of Disclosure Policy Plugin Lorelle. It is targeted more for disclosure than protecting your content.
If you are syndicating your content, your disclosure should go with it in some way, for your own legal protection.

The number of splogs that now use trackbacks to inject spam (which is effectively a ‘valid’ method as far as blog engines are concerned) is also massively on the rise. And pretty hard to combat, as anti-trackback spam plugins won’t stop perfectly valid trackbacks.

Lorelle, as always, you do a great job of giving the rest of us *really* useful information that makes our blogging easier.

I was wondering if you have found an easy way to keep up with updates to the plugins you use. When I upgraded to WP2.1, I spent a lot of time checking on the status of the plugins I rely on. I first visited the WP site and checked my list against their list of 2.1-compatible plugins. Then I visited the site of every plugin I use to see if they had an updated version or to check on the status of plugins that didn’t make it on the compatibility list. This time, I did create a special set of bookmarks for my plugins so that I can more easily follow up on them. But I wondered if there’s a site that not only tracks plugins but also tracks updates to plugins? I would love to know your strategy for staying current on plugins.

Andy: The Disclosure Policy Plugin is much more than just a disclosure, it’s a great way of adding copyright information. Your Plugin offers another option for people to get their legal information and policies visible on their WordPress blogs. It’s wonderful.

As for spam, that’s a different issue than copyright. Don’t confuse the two, folks. Copyrights and splogs go together, comment spam is a different issue, but all are evil ickies on the web.

Dan: I listed information on staying on top of WordPress Plugins in Where to Find WordPress Plugins, including the Update Manager WordPress Plugin which checks the WP-Plugins.net database for updates. It doesn’t work with all WordPress Plugins yet, but hopefully it will soon as Plugin authors update their Plugins and information in the database there.

Other than that, I click on the link to the Plugin author’s page from the Plugin panel and see if they have an update listed on that page. The authors who don’t list updates on their site in a sensible and obvious way make this process difficult, so I dig in and do some searching. It’s a pain, but hopefully there will be more automation with the process with things like this new Update Manager.

I’ve recently written a plugin that examines your Bad Behavior logs and your spam queue and closes down comments and trackbacks altogether to IP addresses that are misbehaving. It also lets you reject comments outright if they have too many hyperlinks or BBCode links (which WordPress doesn’t use, but which crops up in a huge percentage of spam nonetheless).

It’s the latest version (1.3 alpha 1) of my Comment Timeout plugin. Sorry, perhaps I need to make it a bit clearer on my home page 🙂

BBCode is a simplified markup language that is used on a lot of forum systems. It’s where you see [url=some url] or something like that all over the place in your comment spam. I find that about two thirds of spam comments contain it, but the only time you ever see it in a legitimate comment is when someone is trying to explain what BBCode is. WordPress doesn’t actually use it, so any comments on WordPress blogs that have it are almost certainly spam.
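The link-count and BBCode checks described in the comments above can be sketched as follows. This is an added example, not the Comment Timeout plugin's code: the function names, the `MAX_LINKS` threshold and the sample comments are assumptions made for illustration.

```php
<?php
// Added illustration: names and threshold are hypothetical.
const MAX_LINKS = 3; // assumed limit; tune per site

/** Count URL and BBCode link markers in a comment body. */
function link_signals(string $body): array
{
    return [
        'urls'   => preg_match_all('~https?://~i', $body),
        'bbcode' => preg_match_all('~\[(?:url|link)(?:=[^\]]*)?\]~i', $body),
    ];
}

/** Return a rejection reason, or null when the comment passes. */
function rejection_reason(string $body, int $maxLinks = MAX_LINKS): ?string
{
    $signals = link_signals($body);
    if ($signals['bbcode'] > 0) {
        return 'BBCode link markup';
    }
    if ($signals['urls'] > $maxLinks) {
        return "more than {$maxLinks} links";
    }
    return null;
}

if (function_exists('add_filter')) {
    // Inside WordPress: run the check before the comment is stored.
    add_filter('preprocess_comment', function (array $commentdata) {
        $reason = rejection_reason($commentdata['comment_content'] ?? '');
        if ($reason !== null) {
            wp_die('Comment rejected: ' . esc_html($reason));
        }
        return $commentdata;
    });
} else {
    // Run from the command line: constructed sample comments.
    $samples = [
        'reader'    => 'Great roundup, see http://example.org/my-reply for my take.',
        'link farm' => 'http://a.example http://b.example http://c.example http://d.example',
        'bbcode'    => 'cheap pills [url=http://spam.example]here[/url]',
        'explainer' => 'Forums write links as [url=...]text[/url].',
    ];
    foreach ($samples as $label => $body) {
        printf("%-10s %s\n", $label, rejection_reason($body) ?? 'accepted');
    }
}
```

The last sample is the false positive mentioned above: a legitimate comment that explains BBCode is rejected along with the spam.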

Great roundup! I didn’t know about the existence of plugins that can track content theft.

I disagree with the statement that the plugins which implement javascript or captcha tests do not work, but I have explained all this in a post, a trackback of which has been sent to this post of yours.

Thanks for all the info and also for including my CC plugin in this round-up 🙂

WP-BAN is missing from that list! Kill Spam before it even gets the chance to cause even one SQL query. Ban the IP or IP ranges. All spammers get is a single simple page telling them that they are banned.
And you know what? Having completely banned 1354 attempts to spam in one week feels good! 😀

Lorelle, I love “bend their eyes within their sockets to figure out what the heck are those twisted letters and numbers against a hard-to-read background”! How true. CAPTCHAs are definitely an accessibility issue for many individuals.

But are CAPTCHAs dead? In today’s Viddler newsletter, “Some of the more notable features include API updates, Captcha on forums, updated Vidgets, and much more.” I have not yet checked to see what these CAPTCHAs are like. I’m scared to!

Just wanted to thank you for the last hour or so reading here. At a new site, I noticed a different kind of comment spam. At the fracas blog, I receive tons of typical spam, just as you’ve described here, and Akismet does catch most of it, but at this new site, I’m suddenly receiving comment copy spam, where a legitimate comment is quickly copied and reposted. Akismet is catching some of that, but not enough. I was thrown, because since it’s real comments being copied, you don’t automatically recognize it as spam unless you’ve read the real comment and remember what was said. Having guest authors, I don’t always follow the comment conversations between them and the people who come to read them… and leave personal comments to the guest author so this makes it difficult to pick up on what’s real and what’s spam.

I’d been reading for a solution and had found at another site, people insisting the use of CAPTCHA was necessary. Having read here though, I felt I should thank you for having this here. Indeed, I’d rather find a real solution than just think I’m doing something by using CAPTCHA if it’s not really effective.

I may write something at my own site about all of this. Is it ok to quote from you (with link and credit of course)?

CAPTCHAs do not work. Comment spammers have a job to outwit you and your visitors with their comment spam. For more information and coverage, see other articles I’ve written on comment spam and spammers extensively, including human spammers, here and on the Blog Herald. As spammers get better at their job, we have to be more diligent. This is why Akismet is so awesome. It’s based on community input. When you mark new spam as spam, it goes into the database and I might not get it. We all have to work together to stop it as no one seems to be interested in killing it at the source.

The problem with Akismet is that it and its users easily and wrongfully blacklist countless domains which don’t deserve the permanent lifetime ban. Akismet has become a new sort of Internet police that can easily be used to blacklist one’s competitors.

The fact is that it doesn’t take much to get on this ban list, and when some blog owner has decided that you belong there? Well there isn’t anything that you can do. Akismet won’t answer your requests. It’s a complete misuse of power from bottom to top.

In my view, Akismet has the same status as all the crappy spam filters we see in email accounts. You still have to treat the spam folder as your inbox. Important mails end up in the spam folder every other day. What’s the point of a spam folder when you still have to treat it as an inbox and sort through all those mails in order to not miss any wanted mails?

The same applies to Akismet. Even on the local level the blog owners don’t have any power to whitelist a domain. What I mean is as simple as follows. If a blog owner finds a comment in the spam folder which he doesn’t think belongs there and whitelists it, the domain will still be blacklisted even on the local level. So the next time that person comments on the blog it will still count as spam, even though the owner has explicitly marked it as okay on his blog.

Wow, having worked with Akismet from the very beginning in testing, you are giving them much more credit than they deserve. Akismet does reply to inquiries. I’ve had my own account end up in their queue on and off over the early years, but now, they have a validating system that protects much of this kind of misbehavior. Whitelists and blacklists are old fashioned methods, and not representative of the method Akismet now uses. Before condemning, why not take a little initiative and learn a little more about how it works.

Interesting how things have changed since this post was originally written in 2007. For instance, WordPress plugins are now easily kept updated right from your WP dashboard. But also, some things haven’t changed much at all. In particular, comment spam is still a big problem. Akismet remains one of the biggest, most well-known players in the anti-spam arena. Spammers have gotten tricky and come up with new ways to fool you into leaving their comments on your site so what is spam isn’t always obvious. Akismet does do a great job of helping those new to the world of blogging learn to recognize what is spam and what isn’t. That being said, what I don’t like about it is that you have to manually clean out your spam filter.

Much of the comment spam is left by spam bots, small computer programs that crawl the web and create comments, not by real people. For this reason, I use the Growmap Anti-spambot Plugin (GASP) on my site. It works by creating a checkbox that only the spam bots can see (humans don’t see it at all) and since checkboxes are irresistible to bots, when that box is checked, GASP knows it was a bot — and the comment is never sent to your inbox, not even the spam folder. Therefore it controls spam without requiring CAPTCHA (which is still used widely).

Personally, I’d rather have to manually approve/disapprove a handful of spam comments left by real people than take the time to delete thousands of spam comments left by bots. But that’s just my personal preference.
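The hidden-checkbox idea in the comment above, written out as an added example. It follows the comment's description and is not GASP's own code; `TRAP_FIELD`, the function names and the sample submissions are assumptions made for illustration.

```php
<?php
// Added illustration: TRAP_FIELD and the function names are hypothetical.
const TRAP_FIELD = 'confirm_site';

/** Checkbox moved off-screen and kept out of tab order and screen readers. */
function trap_markup(): string
{
    return '<p style="position:absolute;left:-9999px" aria-hidden="true">'
         . '<label>Leave this box unchecked '
         . '<input type="checkbox" name="' . TRAP_FIELD . '" value="1"'
         . ' tabindex="-1" autocomplete="off"></label></p>';
}

/**
 * Browsers omit unchecked checkboxes from the submitted form, so the mere
 * presence of the field means something ticked a control no visitor sees.
 */
function is_trapped(array $post): bool
{
    return array_key_exists(TRAP_FIELD, $post);
}

if (function_exists('add_action')) {
    // Inside WordPress: print the trap with the form, check it on submit.
    add_action('comment_form_after_fields', function () {
        echo trap_markup();
    });
    add_filter('preprocess_comment', function (array $commentdata) {
        if (is_trapped($_POST)) {
            wp_die('Comment rejected.');
        }
        return $commentdata;
    });
} else {
    // Run from the command line: constructed form submissions.
    $submissions = [
        'visitor'          => ['author' => 'Ann', 'comment' => 'Nice post'],
        'form-filling bot' => ['author' => 'x', 'comment' => 'buy now', TRAP_FIELD => '1'],
    ];
    foreach ($submissions as $who => $post) {
        printf("%-17s %s\n", $who, is_trapped($post) ? 'dropped' : 'passed on');
    }
}
```

A person typing a comment never sends the trap field, so this check filters only automated form-fillers.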

Actually, the majority of comment spam found on many sites today is created by human spammers, not bots. They can get through the hoops many set up like that Plugin you are talking about, to easily spam a site. CAPTCHAs have been banned by the industry for a long time as totally ineffective, as that Plugin is due to the huge number of human spammers. Akismet is our best friend when it comes to truly using crowd sourcing to battle comment spam. I haven’t found anything better in all the years I’ve been at this. Thanks!
